CN113497708A - Certificate application method and device - Google Patents

Publication number: CN113497708A
Authority: CN (China)
Prior art keywords: domain, certificate, vehicle networking, application, authorization token
Legal status: Granted; Active
Application number: CN202010193435.8A
Other languages: Chinese (zh)
Other versions: CN113497708B (en)
Inventor: 周巍
Current Assignee: Datang Mobile Communications Equipment Co Ltd
Original Assignee: Datang Mobile Communications Equipment Co Ltd
Application filed by: Datang Mobile Communications Equipment Co Ltd
Priority: CN202010193435.8A (CN113497708B); PCT/CN2020/137283 (WO2021184865A1)
Publications: CN113497708A; CN113497708B (granted)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

An embodiment of the invention provides a certificate application method and a certificate application device. The method comprises: when a vehicle networking device applies to enter a second vehicle networking system from a first vehicle networking system, receiving a domain-entry authorization token sent by the second vehicle networking system; and acquiring a registration certificate of the second vehicle networking system based on the domain-entry authorization token. The embodiment implements a cross-system certificate application process.

Description

Certificate application method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a certificate application method and apparatus.
Background
In the field of vehicle networking secure communication, vehicles belong to different vehicle networking communication systems. When a vehicle travels across national borders, it needs to cross systems and enter the vehicle networking system of another country. Even within the same country, a vehicle belonging to one vehicle networking communication system may, for some reason, need to enter another vehicle networking communication system. Cross-system access by vehicles therefore needs to be considered, but the prior art does not address it.
Disclosure of Invention
Embodiments of the invention provide a certificate application method and device that aim to implement cross-system entry for vehicle networking devices.
An embodiment of the invention provides a certificate application method, applied to a vehicle networking device, comprising:
when the vehicle networking device applies to enter a second vehicle networking system from a first vehicle networking system, receiving a domain-entry authorization token sent by the second vehicle networking system;
and acquiring a registration certificate of the second vehicle networking system based on the domain-entry authorization token.
An embodiment of the invention provides a certificate application method, applied to a first vehicle networking system, comprising:
when a vehicle networking device applies to enter a second vehicle networking system from the first vehicle networking system, receiving a domain-exit application message sent by the vehicle networking device;
based on the domain-exit application message, sending a domain-exit authorization token to the vehicle networking device, wherein the domain-exit authorization token contains the device signature certificate of the vehicle networking device, so that the vehicle networking device sends a domain-entry application message to the second vehicle networking system and obtains a domain-entry authorization token, wherein the domain-entry application message contains the domain-exit authorization token and is digitally signed with the private key corresponding to the device signature certificate.
An embodiment of the invention provides a certificate application method, applied to a second vehicle networking system, comprising:
when a vehicle networking device applies to enter the second vehicle networking system from a first vehicle networking system, sending a domain-entry authorization token to the vehicle networking device, so that the vehicle networking device obtains a registration certificate of the second vehicle networking system based on the domain-entry authorization token.
An embodiment of the invention provides a certificate application device, applied to a vehicle networking device, comprising:
a receiving module, configured to receive a domain-entry authorization token sent by a second vehicle networking system when the vehicle networking device applies to enter the second vehicle networking system from a first vehicle networking system;
and an acquisition module, configured to acquire a registration certificate of the second vehicle networking system based on the domain-entry authorization token.
An embodiment of the invention provides a certificate application device, applied to a first vehicle networking system, comprising:
a receiving module, configured to receive a domain-exit application message sent by a vehicle networking device when the vehicle networking device applies to enter a second vehicle networking system from the first vehicle networking system;
and a sending module, configured to send a domain-exit authorization token to the vehicle networking device based on the domain-exit application message, wherein the domain-exit authorization token contains the device signature certificate of the vehicle networking device, so that the vehicle networking device sends a domain-entry application message to the second vehicle networking system and obtains a domain-entry authorization token, wherein the domain-entry application message contains the domain-exit authorization token and is digitally signed with the private key corresponding to the device signature certificate.
An embodiment of the invention provides a certificate application device, applied to a second vehicle networking system, comprising:
a sending module, configured to send a domain-entry authorization token to a vehicle networking device when the vehicle networking device applies to enter the second vehicle networking system from a first vehicle networking system, so that the vehicle networking device obtains a registration certificate of the second vehicle networking system based on the domain-entry authorization token.
The embodiment of the invention provides a vehicle networking device, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the steps of the certificate application method.
The embodiment of the invention provides a first vehicle networking system, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the steps of the certificate application method.
The embodiment of the invention provides a second vehicle networking system, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor executes the program to realize the steps of the certificate application method.
Embodiments of the present invention provide a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the certificate application method.
According to the certificate application method and device provided by the embodiments of the invention, when a vehicle networking device needs to enter the second vehicle networking system from the first vehicle networking system, it receives the domain-entry authorization token sent by the second vehicle networking system and uses that token to obtain the registration certificate of the second vehicle networking system. A vehicle networking device in the first vehicle networking system can thus obtain both the domain-entry authorization token and the registration certificate of the second vehicle networking system, which implements the application process for a cross-system secure communication certificate and enables cross-system entry from the first vehicle networking system to the second.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating steps of a certificate application method applied to a vehicle networking device according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating steps of a certificate application method applied to a first vehicle networking system according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating steps of a certificate application method applied to a second vehicle networking system according to an embodiment of the present invention;
FIG. 4 is a diagram of a reference frame for an embodiment of the present invention;
FIG. 5 is a block diagram of a certificate application apparatus applied to a vehicle networking device in an embodiment of the present invention;
FIG. 6 is a block diagram of a certificate application apparatus applied to a first vehicle networking system in an embodiment of the present invention;
FIG. 7 is a block diagram of a certificate application apparatus applied to a second vehicle networking system in an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of an embodiment of a vehicle networking device;
FIG. 9 is a schematic structural diagram of a first vehicle networking system according to an embodiment of the invention;
FIG. 10 is a schematic structural diagram of a second vehicle networking system according to an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For the convenience of clearly describing the technical solutions of the embodiments of the present invention, in each embodiment of the present invention, if words such as "first" and "second" are used to distinguish the same items or similar items with basically the same functions and actions, those skilled in the art can understand that the words such as "first" and "second" do not limit the quantity and execution order.
In the field of vehicle networking, secure communication is implemented based on Public Key Infrastructure (PKI), and the basic configuration of the vehicle networking PKI is the same.
The certificate-applying entities in a vehicle networking system include the On-Board Unit (OBU) and the Road Side Unit (RSU). The OBU is a communication device installed on a vehicle and is responsible for sending and receiving the vehicle's vehicle-to-everything (V2X) messages; the RSU is a communication device installed on roadside equipment and is responsible for sending and receiving the roadside equipment's V2X messages.
The certificate-issuing entities in the vehicle networking PKI system include a Root Certificate Authority (Root CA), a registration CA (Enrollment CA, ECA) and an Application CA (ACA). The Root CA is the security anchor of the vehicle networking security PKI system and issues sub-CA certificates to its subordinate sub-CAs. The registration CA issues registration certificates to OBUs and RSUs during the security initialization (Security Bootstrap) phase of those systems, and the OBU and RSU use their registration certificates to apply for application certificates. The application CA issues to the OBU and RSU the certificates they use to sign the V2X messages they broadcast. The corresponding certificate categories are the root certificate, the registration certificate and the application certificate. The root certificate is the self-signed certificate of the Root CA; it is the root node of the PKI system's certificate chain and is also called the trust anchor of the PKI system. The registration certificate is issued to the OBU and RSU by the registration CA and corresponds uniquely to the device; the device uses it to obtain, from each authorization authority, the other application certificates related to vehicle networking secure communication. An application certificate is a certificate issued to an OBU or RSU for digitally signing the messages it broadcasts; for example, the OBU digitally signs the vehicle driving status information it broadcasts, and the RSU digitally signs the traffic signal status information it broadcasts.
The existing application certificate issuing process is generally as follows. The OBU/RSU applies to the registration CA for a registration certificate, and the registration CA issues the registration certificate to the OBU/RSU after reviewing the application. Using the registration certificate, the OBU/RSU applies to the application CA responsible for a given vehicle networking application field for an application certificate dedicated to digitally signing V2X messages, and the application CA issues the application certificate to the OBU/RSU after verifying the application. The OBU/RSU uses the application certificate to digitally sign the V2X messages it broadcasts, and broadcasts each signed message together with the signature certificate. An OBU/RSU that receives a signed V2X message first verifies the signature certificate in the message using the pre-stored application CA certificate, and then verifies the validity of the signed message using the verified signature certificate.
Although the above process enables vehicle networking communication, it does not cover cross-system communication, that is, a vehicle networking device entering one vehicle networking system from another.
As shown in FIG. 1, a certificate application method applied to a vehicle networking device in an embodiment of the present invention includes the following steps:
Step 101: when the vehicle networking device applies to enter a second vehicle networking system from a first vehicle networking system, receiving the domain-entry authorization token sent by the second vehicle networking system.
Specifically, the vehicle networking device may be any entity participating in vehicle networking communication, such as an OBU installed on a vehicle to provide vehicle communication capability or an RSU installed on roadside traffic equipment to provide device communication capability.
The first vehicle networking system and the second vehicle networking system are two different vehicle networking systems; the first can be regarded as the source domain and the second as the destination domain. That is, from the perspective of the second vehicle networking system, entering the domain means entering the second vehicle networking system from the first, and from the perspective of the first vehicle networking system, exiting the domain means entering the second vehicle networking system from the first. Vehicle networking devices within the same vehicle networking system can, of course, carry out vehicle networking secure communication using secure communication certificates that can be mutually authenticated.
In this step, the vehicle networking device is initially located in the first vehicle networking system. If it needs to enter the second vehicle networking system from the first, it may receive the domain-entry authorization token sent by the second vehicle networking system.
It should be noted that the second vehicle networking system may contain different functional entities to divide up different functions. For example, it may contain a cross-domain application authorization entity, which within one vehicle networking system issues a domain-exit authorization token to a vehicle networking device leaving the domain or a domain-entry authorization token to a vehicle networking device entering the domain. That is, in this step the vehicle networking device may receive the domain-entry authorization token sent by the cross-domain application authorization entity in the second vehicle networking system.
The domain-entry authorization token is a token issued by a vehicle networking system that allows the vehicle networking device to apply for a secure communication certificate in that system. The domain-entry authorization token may be issued by the cross-domain application authorization entity, which may use its private key to digitally sign the authorization information to provide integrity, authentication and non-repudiation of the token data.
Step 102: acquiring a registration certificate of the second vehicle networking system based on the domain-entry authorization token.
In this step, after receiving the domain-entry authorization token, the vehicle networking device may acquire the registration certificate of the second vehicle networking system and can then enter the second vehicle networking system based on that registration certificate. This implements the application process for a cross-system secure communication certificate and enables cross-system entry from the first vehicle networking system to the second.
In this way, when the vehicle networking device in this embodiment needs to enter the second vehicle networking system from the first vehicle networking system, it receives the domain-entry authorization token sent by the second vehicle networking system and uses that token to obtain the registration certificate of the second vehicle networking system. A vehicle networking device in the first vehicle networking system can thus obtain both the domain-entry authorization token and the registration certificate of the second vehicle networking system, which implements the application process for a cross-system secure communication certificate and enables cross-system entry from the first vehicle networking system to the second.
Further, in this embodiment, before the vehicle networking device receives the domain-entry authorization token sent by the second vehicle networking system, it may send a domain-exit application message to the first vehicle networking system and receive the domain-exit authorization token that the first vehicle networking system sends based on that message, where the domain-exit authorization token contains the device signature certificate of the vehicle networking device. The device then sends a domain-entry application message to the second vehicle networking system, where the domain-entry application message contains the domain-exit authorization token and is digitally signed with the private key corresponding to the device signature certificate.
Specifically, when the vehicle networking device needs to enter the second vehicle networking system, it may first send the domain-exit application message to the first vehicle networking system, in particular to the cross-domain application authorization entity in the first vehicle networking system. That entity may then send the domain-exit authorization token to the vehicle networking device based on the domain-exit application message, so that the device can send the domain-entry application message, carrying the domain-exit authorization token, to the second vehicle networking system and obtain the domain-entry authorization token that the second vehicle networking system sends based on the domain-entry application message.
It should be noted that the domain-exit authorization token is a token issued by the cross-domain application authorization entity in the first vehicle networking system to a vehicle networking device in that system, allowing the device to apply for a secure communication certificate in another vehicle networking system. The cross-domain application authorization entity in the first vehicle networking system may digitally sign the authorization information using its private key to provide integrity, authentication and non-repudiation of the token data.
In addition, each vehicle networking system can maintain a trusted certificate list that stores the signature certificates (public key certificates) of other vehicle networking systems. That is, the cross-domain application authorization entity in another vehicle networking system can use the private key corresponding to its signature certificate to digitally sign the domain-entry or domain-exit authorization tokens it issues, and the cross-domain application authorization entity in the receiving vehicle networking system can verify a domain-entry or domain-exit authorization token from another vehicle networking system using the certificates stored in its trusted certificate list. The domain-entry authorization token and the domain-exit authorization token in this embodiment are therefore both security tokens.
Specifically, the domain-exit authorization token contains the device signature certificate (that is, the device signature public key certificate) of the vehicle networking device, and the domain-entry application message is digitally signed with the private key corresponding to the device signature certificate. When the second vehicle networking system receives the domain-entry application message, it can first obtain the domain-exit authorization token from the message and obtain the signature public key certificate of the first vehicle networking system, that is, of the cross-domain application authorization entity in the first vehicle networking system, from its pre-stored trusted certificate list, and use that certificate to verify whether the domain-exit authorization token is valid. If the domain-exit authorization token is valid, the second system can extract the device signature certificate of the vehicle networking device from the token and use it to verify the digital signature of the domain-entry application message. If that signature is valid, the second system can go on to extract the other information contained in the domain-exit authorization token. In this way the vehicle networking device corresponding to each domain-entry application message can be determined, which provides security and validity in the cross-system application process.
It should be noted that the out-of-domain authorization token further includes device information of the car networking device and/or a registration certificate application message.
That is, the out-of-domain authorization token may further include device information of the car networking device, such as OBU related information, vehicle related information, and the like; in addition, the domain-exiting authorization token may further include a registration certificate application message, that is, the process of applying for the domain-entering authorization token and the process of applying for the registration certificate may be combined at this time, and the registration certificate application message may be a public key in a key pair generated for applying for the registration certificate on the same day.
In addition, in this embodiment, before sending the domain-exit application message to the first car networking system, the car networking device may also send an identifier application message to the second car networking system, and then receive a cross-domain application identifier sent by the second car networking system based on the identifier application message, where the cross-domain application identifier corresponds to the current domain-entry application; the cross-domain application identifier is contained in both the domain-exit application message and the domain-exit authorization token.
Specifically, the second car networking system may further include a cross-domain application identifier generation entity, which is responsible for generating a cross-domain application identifier that uniquely corresponds to the process in which the car networking device applies for the cross-system car networking communication certificate.
In addition, the cross-domain application identifier is an identifier which uniquely identifies the process that the vehicle networking equipment applies for the communication security certificate of the vehicle networking communication system. Specifically, the generation of the cross-domain application identifier may be generated in a manner related to a cryptographic protocol, or may be generated in a manner unrelated to the cryptographic protocol, which is not limited herein. The mode related to the cryptographic protocol means that the cross-domain application identifier is generated by performing cryptographic operation on the device information of the vehicle networking device and/or the information related to the application process.
Specifically, when the car networking device first applies to the second car networking system for the cross-domain application identifier, the domain-exit application message sent by the car networking device to the first car networking system and the domain-exit authorization token issued by the first car networking system both contain the cross-domain application identifier; that is, the first car networking system can bind the cross-domain application identifier generated by the second car networking system to the domain-exit authorization token that it issues.
On the basis of the above embodiment, the out-of-domain authorization token may further include device information of the car networking device and/or a registration certificate application message.
In addition, in this embodiment, when receiving the domain entry authorization token sent by the second vehicle networking system, the vehicle networking device may receive a domain entry response message sent by the second vehicle networking system based on the domain entry application message, where the domain entry response message includes the domain entry authorization token, and the domain entry authorization token includes the device signature certificate and the cross-domain application identifier corresponding to the current domain entry application.
Of course, the domain entry authorization token also includes device information of the vehicle networking device and/or device identification of the vehicle networking device in the second vehicle networking system.
In addition, the domain-entry response message also includes address information of the registration CA in the second car networking system and/or address information of the application CA in the second car networking system. This enables the car networking device to send registration certificate application messages and application certificate application messages based on the address information.
In addition, in this embodiment, when the car networking device obtains the registration certificate of the second car networking system based on the domain-entry authorization token, the car networking device may send a registration certificate application message to the second car networking system, where the registration certificate application message includes the domain-entry authorization token, and the registration certificate application message is digitally signed by a private key corresponding to the device signature certificate, and then receives the registration certificate sent by the second car networking system based on the registration certificate application message.
Specifically, the second vehicle networking system may further include a registration CA, that is, the vehicle networking device may send a registration certificate application message to the registration CA in the second vehicle networking system, so as to apply for a registration certificate of the second vehicle networking system. At this time, when receiving the registration certificate application message, the registration CA in the second vehicle networking system may obtain the domain entry authorization token in the registration certificate application message, obtain the device signature certificate in the domain entry authorization token, verify the digital signature of the registration certificate application message by using the device signature certificate, and issue the registration certificate to the vehicle networking device after the verification is passed, thereby ensuring the security in the certificate application process.
Of course, after obtaining the registration certificate of the second vehicle networking system based on the in-domain authorization token, the vehicle networking device may further send an application certificate application message to the second vehicle networking system, where the application certificate application message includes the registration certificate, and then receive the application certificate sent by the second vehicle networking system based on the application certificate application message.
It should be noted that, the application certificate application message may also be digitally signed by using a private key corresponding to the device signature certificate, and the process is the same as the registration certificate application process, which is not described in detail herein.
That is, after the car networking device obtains the registration certificate of the second car networking system, it can use that registration certificate to apply to the application CA of the second car networking system for the application certificate used for secure car networking communication in the second car networking system, so that cross-system secure communication of the car networking device is realized.
In this way, the car networking device in this embodiment receives the domain-entering authorization token sent by the second car networking system, and obtains the registration certificate of the second car networking system through the domain-entering authorization token, so that the car networking device in the first car networking system can obtain the domain-entering authorization token and the registration certificate of the second car networking system, and thus the application process of the cross-system secure communication certificate is realized, and the cross-system access from the first car networking system to the second car networking system can be realized.
As shown in fig. 2, which is a flowchart illustrating steps of a certificate application method applied to a first vehicle networking system in an embodiment of the present invention, the method includes the following steps:
Step 201: when the car networking device applies for entering a second car networking system from a first car networking system, receiving a domain-exit application message sent by the car networking device.
Specifically, when the car networking device needs to perform cross-system communication, it may first send the domain-exit application message to the first car networking system, which then receives the domain-exit application message.
It should be noted that, for specific contents of the first internet-of-vehicles system, the second internet-of-vehicles system, and the outbound application message, reference may be made to the related contents of the above-mentioned internet-of-vehicles device side, and no specific limitation is made herein.
Step 202: sending the domain-exit authorization token to the car networking device based on the domain-exit application message.
Specifically, the first car networking system may send the domain-exit authorization token to the car networking device when it obtains the domain-exit application message.
The out-domain authorization token comprises a device signature certificate of the car networking device, so that the car networking device sends an in-domain application message to the second car networking system and obtains the in-domain authorization token, the in-domain application message comprises the out-domain authorization token, and the in-domain application message is digitally signed through a private key corresponding to the device signature certificate.
It should be noted that, the related descriptions of the above contents may refer to the related contents of the above-mentioned car networking device side, and are not specifically limited herein.
In addition, it should be noted that the cross-domain application identifier is included in both the domain-exit application message and the domain-exit authorization token; the cross-domain application identifier is obtained by the car networking device applying to the second car networking system, and corresponds to the current domain-entry application.
Of course, it should also be added that the domain-exit authorization token further includes device information of the car networking device and/or a registration certificate application message.
It should be noted that specific contents of the above information may refer to specific relevant contents of the car networking device side method embodiment, and are not described in detail here.
In this way, the first car networking system in this embodiment receives the out-domain application message sent by the car networking device, and sends the out-domain authorization token to the car networking device based on the out-domain application message, so that the car networking device can obtain the in-domain authorization token of the second car networking system based on the out-domain authorization token, thereby implementing an application process of a cross-system secure communication certificate, and thus implementing cross-system access from the first car networking system to the second car networking system.
In addition, as shown in fig. 3, a flowchart of steps of a certificate application method applied to the second car networking system in the embodiment of the present invention is shown, where the method includes the following steps:
Step 301: when the car networking device applies for entering a second car networking system from the first car networking system, sending a domain-entry authorization token to the car networking device.
Specifically, when the car networking device needs to perform cross-domain communication, the second car networking system can send the domain-entry authorization token to the car networking device, so that the car networking device can obtain the registration certificate of the second car networking system based on the domain-entry authorization token.
Specifically, when sending the domain-entry authorization token to the car networking device, the second car networking system can receive a domain-entry application message sent by the car networking device, where the domain-entry application message includes a domain-exit authorization token, the domain-exit authorization token is obtained by the car networking device applying to the first car networking system, the domain-exit authorization token includes the device signature certificate of the car networking device, and the domain-entry application message is digitally signed with the private key corresponding to the device signature certificate; the second car networking system then sends a domain-entry response message to the car networking device based on the domain-entry application message, where the domain-entry response message includes a domain-entry authorization token, and the domain-entry authorization token includes the device signature certificate and the cross-domain application identifier corresponding to the current domain-entry application.
It should be noted that, relevant content in this embodiment may refer to relevant content in the embodiment on the car networking device side, and details are not described herein again.
In addition, before the second car networking system sends the domain-entry response message to the car networking device based on the domain-entry application message, it can also obtain the domain-exit authorization token in the domain-entry application message and obtain the device signature certificate in the domain-exit authorization token; when the digital signature of the domain-entry application message is verified to be a valid signature using the device signature certificate, the domain-entry application message is determined to be a valid message.
Before issuing the domain-entry authorization token to the car networking device, the second car networking system needs to verify the validity of the domain-entry application message, that is, it needs to determine the identity of the car networking device applying for the domain-entry authorization token. To do so, the second car networking system can obtain the domain-exit authorization token from the domain-entry application message and verify whether the domain-exit authorization token is valid using the signature public key certificate of the first car networking system in the pre-stored trusted certificate list. When the domain-exit authorization token is verified to be valid, the device signature certificate in the domain-exit authorization token can be obtained and used to verify the digital signature of the domain-entry application message. If that digital signature is found to be valid, the domain-entry application message can be determined to be a valid message, that is, the identity of the car networking device can be determined, and a domain-entry authorization token can then be issued.
In addition, in this embodiment, before receiving the domain entry application message sent by the car networking device, the second car networking system may also receive an identifier application message sent by the car networking device, and send a cross-domain application identifier to the car networking device based on the identifier application message, where the cross-domain application identifier corresponds to the current domain entry application. Correspondingly, the out-of-domain authorization token also comprises a cross-domain application identifier.
Specifically, the out-of-domain authorization token further includes device information of the car networking device and/or a registration certificate application message.
In addition, specifically, the domain-entry authorization token further includes device information of the car networking device and/or a device identifier of the car networking device in the second car networking system. The domain-entry response message also contains address information of the registration Certificate Authority (CA) in the second car networking system, and address information of the application CA in the second car networking system.
It should be noted that, for specific description of the above information, reference may be made to relevant contents of the car networking device side embodiment, and detailed description is not provided herein.
In addition, specifically, after sending the domain-entry authorization token to the car networking device, the second car networking system may receive a registration certificate application message sent by the car networking device, where the registration certificate application message includes the domain-entry authorization token and is digitally signed with the private key corresponding to the device signature certificate; the second car networking system then obtains the domain-entry authorization token in the registration certificate application message, obtains the device signature certificate in the domain-entry authorization token, determines that the registration certificate application message is a valid message when its digital signature is verified to be valid using the device signature certificate, and sends the registration certificate to the car networking device.
Certainly, after the second car networking system sends the registration certificate to the car networking device, an application certificate application message sent by the car networking device can be received, wherein the application certificate application message contains the registration certificate; and then sending the application certificate to the Internet of vehicles equipment based on the application certificate application message.
It should be noted that specific contents of the foregoing process may refer to related contents of the embodiment on the car networking device side, and are not described herein again.
In this way, the second car networking system in this embodiment realizes the application process of the cross-system secure communication certificate by sending the access domain authorization token to the car networking device, so that cross-system access from the first car networking system to the second car networking system can be realized.
The above embodiments are specifically described below through a complete certificate application flow.
Referring to the framework diagram shown in fig. 4, in the process of applying for the secure communication certificate across the systems by the car networking devices, assuming that the car networking device in the first car networking system applies for the secure communication certificate in the second car networking system, one of the applying processes may include the following steps:
Step 1: the car networking device applies for a cross-domain application identifier from the cross-domain application identifier generation entity in the second car networking system. Depending on the requirements of the second car networking system, the identifier application message used to apply for the cross-domain application identifier may further include some information related to the certificate application, such as the country of the car networking device, the license plate number, the entering time and the leaving time.
In addition, the cross-domain application identifier generation entity allocates a cross-domain application identifier uniquely corresponding to the application to the vehicle networking equipment, and simultaneously, the cross-domain application identifier can be provided for a cross-domain application authorization entity in the system. The generation of the cross-domain application identifier may be generated by a cryptographic method, or may be generated by a method that is not based on cryptography, which is not limited herein.
Step 2: the car networking device applies to the cross-domain application authorization entity in the first car networking system for a domain-exit authorization token. The domain-exit application message may include the cross-domain application identifier assigned by the cross-domain application authorization entity in the second car networking system. Of course, depending on the requirements of the first car networking system, the domain-exit application message may need to provide some relevant information, such as the country to be entered, the license plate number, the type of vehicle, the usage of the vehicle, the time of entry and the time of exit.
Step 3: the cross-domain application authorization entity in the first car networking system checks the domain-exit application message and, if the application is allowed, generates a domain-exit authorization token for the car networking device. The domain-exit authorization token may contain the following information: the cross-domain application identifier allocated by the cross-domain application identifier generation entity in the second car networking system; the device signature certificate of the car networking device, whose corresponding private key the device will use to digitally sign the domain-entry application message; device information of the car networking device, such as OBU-related information and vehicle-related information; and other information such as the token issuer identification, token validity period, signing certificate information, time of entry and time of departure.
Step 4: the car networking device applies to the cross-domain application authorization entity in the second car networking system for the domain-entry authorization token, that is, it sends a domain-entry application message. The domain-entry application message is digitally signed using the private key corresponding to the device signature certificate contained in the domain-exit authorization token. The domain-entry application message contains the domain-exit authorization token.
Step 5: the cross-domain application authorization entity in the second car networking system verifies the domain-entry application message. The specific operations include: obtaining the domain-exit authorization token from the domain-entry application message, obtaining the signature public key certificate of the cross-domain application authorization entity of the first car networking system from the pre-stored trusted certificate list, and then using that public key certificate to verify whether the domain-exit authorization token is valid; if the domain-exit authorization token is valid, extracting the device signature public key certificate from the domain-exit authorization token and using it to verify whether the digital signature of the domain-entry application message is valid; if the digital signature is valid, extracting the device and vehicle parameters carried in the token and using a domain mapping policy to map the parameters of the first car networking system, such as the vehicle type, the vehicle usage and the date and time format, to the second car networking system.
Step 6: the cross-domain application authorization entity of the second car networking system generates a domain-entry authorization token for the car networking device, which includes: the cross-domain application identifier; the device signature certificate of the car networking device; the device identifier newly allocated by the second car networking system to the car networking device for use in this system; the device information of the car networking device after it has been mapped to this system; and other information such as the token issuer identification, token validity period, signing certificate information, time of entry and time of departure. The second car networking system sends the domain-entry authorization token in the domain-entry response message, which can also contain information such as the address of, and the protocol used by, the registration CA and/or the application CA in this system.
Step 7: the car networking device applies to the registration CA in the second car networking system for a registration certificate according to the protocol specified by the second car networking system, and the registration certificate application message is signed using the device signature private key corresponding to the device signature certificate contained in the domain-entry authorization token. The registration certificate application message may include the domain-entry authorization token and the public key of a key pair generated by the car networking device for applying for the registration certificate.
Step 8: the registration CA in the second car networking system verifies the registration certificate application message. The specific operations include: the registration CA obtains the domain-entry authorization token from the registration certificate application message and uses the public key certificate of the cross-domain application authorization entity in the second car networking system to verify whether the domain-entry authorization token is valid; if the token is valid, it extracts the device signature certificate of the car networking device from the token and uses it to verify whether the digital signature of the registration certificate application message is valid; if the digital signature is valid, it extracts the various device parameters and vehicle parameters in the domain-entry authorization token, and information such as the public key provided in the token, in order to issue a registration certificate to the car networking device.
Step 9: using the received registration certificate, the car networking device applies to the application CA in the second car networking system for the corresponding application certificate according to the protocol specified by the second car networking system. The application CA verifies the application certificate application message and then issues the corresponding application certificate to the car networking device according to the system rules.
Step 10: the car networking device uses the application certificate to carry out secure car networking communication in the second car networking system.
This completes the whole certificate application process.
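The check order that step 5 gives for the second system's cross-domain application authorization entity, written out as an added Go example (not code from the patent). Ed25519 signatures, the JSON token encoding, raw public keys standing in for the signature certificates, and all type, field and function names are assumptions made for the illustration; the keys and identifiers are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// ExitToken is the body of a domain-exit authorization token (field names assumed).
type ExitToken struct {
	Issuer        string `json:"issuer"`          // token issuer identification
	CrossDomainID string `json:"cross_domain_id"` // allocated by the second system
	DevicePub     []byte `json:"device_pub"`      // stands in for the device signature certificate
	NotAfter      int64  `json:"not_after"`       // end of token validity (Unix seconds)
}

// SignedToken is a token body plus the issuing authorization entity's signature.
type SignedToken struct{ Body, Sig []byte }

// EntryRequest is a domain-entry application message carrying the exit token.
type EntryRequest struct {
	Payload []byte
	Token   SignedToken
	Sig     []byte // device signature over signedBytes(Payload, Token)
}

// signedBytes length-prefixes each part so field boundaries cannot be shifted.
func signedBytes(payload []byte, tok SignedToken) []byte {
	var out []byte
	for _, p := range [][]byte{payload, tok.Body, tok.Sig} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(p)))
		out = append(append(out, n[:]...), p...)
	}
	return out
}

// IssueToken signs a token body with the issuing system's private key.
func IssueToken(priv ed25519.PrivateKey, t ExitToken) (SignedToken, error) {
	body, err := json.Marshal(t)
	if err != nil {
		return SignedToken{}, err
	}
	return SignedToken{Body: body, Sig: ed25519.Sign(priv, body)}, nil
}

// SignEntryRequest builds the signed domain-entry application message on the device.
func SignEntryRequest(dev ed25519.PrivateKey, payload []byte, tok SignedToken) EntryRequest {
	return EntryRequest{Payload: payload, Token: tok, Sig: ed25519.Sign(dev, signedBytes(payload, tok))}
}

// VerifyEntryRequest runs the second system's checks in the order of step 5.
func VerifyEntryRequest(trusted map[string]ed25519.PublicKey, req EntryRequest, wantID string, now int64) (*ExitToken, error) {
	var t ExitToken
	if err := json.Unmarshal(req.Token.Body, &t); err != nil {
		return nil, fmt.Errorf("malformed token: %w", err)
	}
	// The issuer field is still untrusted; it only selects which stored key to try.
	issuerKey, ok := trusted[t.Issuer]
	if !ok {
		return nil, errors.New("issuer not in trusted certificate list")
	}
	if !ed25519.Verify(issuerKey, req.Token.Body, req.Token.Sig) {
		return nil, errors.New("token signature invalid")
	}
	if now > t.NotAfter {
		return nil, errors.New("token expired")
	}
	if t.CrossDomainID != wantID {
		return nil, errors.New("cross-domain application identifier mismatch")
	}
	// Length is checked first because ed25519.Verify panics on a malformed key.
	if len(t.DevicePub) != ed25519.PublicKeySize || !ed25519.Verify(t.DevicePub, signedBytes(req.Payload, req.Token), req.Sig) {
		return nil, errors.New("request signature invalid")
	}
	return &t, nil
}

// Sample builds a constructed trusted list, a valid request and the device key.
func Sample(now int64) (map[string]ed25519.PublicKey, EntryRequest, ed25519.PrivateKey) {
	sysPub, sysPriv, err1 := ed25519.GenerateKey(nil)
	devPub, devPriv, err2 := ed25519.GenerateKey(nil)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	tok, err := IssueToken(sysPriv, ExitToken{Issuer: "system-1", CrossDomainID: "xd-0001", DevicePub: devPub, NotAfter: now + 3600})
	if err != nil {
		panic(err)
	}
	return map[string]ed25519.PublicKey{"system-1": sysPub}, SignEntryRequest(devPriv, []byte("domain-entry application"), tok), devPriv
}

func main() {
	trusted, req, _ := Sample(1700000000)
	fmt.Println(VerifyEntryRequest(trusted, req, "xd-0001", 1700000000))
}
```

The device key is used only after the token that carries it has verified against the trusted certificate list, so a token signed by the device itself is rejected before its embedded key is ever trusted.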
In addition, in another application process, the car networking device requests a domain-exit authorization token from the cross-domain authorization entity of the first car networking system, and that cross-domain authorization entity issues the domain-exit authorization token, which includes a device signature certificate, to the car networking device; the car networking device then provides the domain-exit authorization token to the cross-domain authorization entity of the second car networking system, which first generates a cross-domain application identifier and then issues a domain-entry authorization token to the car networking device, the issued token including the cross-domain application identifier and the device signature certificate; the car networking device then applies for a registration certificate and an application certificate of the second car networking system using the domain-entry authorization token.
In addition, another application process may also be that the process of applying for the domain entry authorization token is combined with the process of applying for the registration certificate, that is, the domain exit authorization token may also include a registration certificate application message.
In addition, as shown in fig. 5, a block diagram of a certificate application apparatus applied to a device in a vehicle networking system according to an embodiment of the present invention is shown, where the apparatus includes:
the receiving module 501 is used for receiving a domain-entry authorization token sent by a second car networking system when the car networking device applies for entering the second car networking system from a first car networking system;
an obtaining module 502, configured to obtain a registration certificate of the second car networking system based on the domain entry authorization token.
Optionally, the apparatus further comprises:
the first sending module is used for sending a domain-exit application message to the first car networking system;
a first receiving unit, configured to receive an out-domain authorization token sent by the first vehicle networking system based on the out-domain application message, where the out-domain authorization token includes a device signature certificate of the vehicle networking device;
and the second sending module is used for sending a domain entering application message to the second vehicle networking system, wherein the domain entering application message comprises the domain exiting authorization token, and the domain entering application message is digitally signed through a private key corresponding to the device signature certificate.
It should be noted that, the apparatus can implement all the method steps of the car networking device method embodiment side, and can achieve the same technical effect, and details are not described herein again.
As shown in fig. 6, a block diagram of a certificate application apparatus applied to a first car networking system in an embodiment of the present invention is shown, where the apparatus includes:
the receiving module 601 is used for receiving an out-of-domain application message sent by the vehicle networking equipment when the vehicle networking equipment applies for entering a second vehicle networking system from a first vehicle networking system;
a sending module 602, configured to send a domain-exit authorization token to the car networking device based on the domain-exit application message, where the domain-exit authorization token includes the device signature certificate of the car networking device, so that the car networking device sends a domain-entry application message to the second car networking system and obtains a domain-entry authorization token, where the domain-entry application message includes the domain-exit authorization token and is digitally signed with the private key corresponding to the device signature certificate.
Optionally, the cross-domain application identifier is included in both the domain-exit application message and the domain-exit authorization token; the cross-domain application identifier is obtained by the car networking device applying to the second car networking system, and corresponds to the current domain-entry application.
It should be noted that, the apparatus can implement all the method steps of the first car networking system method embodiment side, and can achieve the same technical effect, and details are not described herein again.
As shown in fig. 7, a block diagram of a certificate application apparatus applied to a second car networking system in an embodiment of the present invention is shown, where the apparatus includes:
the sending module 701 is configured to send a domain entry authorization token to the car networking device when the car networking device applies for entering a second car networking system from a first car networking system, so that the car networking device obtains a registration certificate of the second car networking system based on the domain entry authorization token.
Optionally, the sending module 701 is specifically configured to receive a domain entry application message sent by the car networking device, where the domain entry application message includes a domain exit authorization token, the domain exit authorization token is obtained by the car networking device by applying to the first car networking system, the domain exit authorization token includes a device signature certificate of the car networking device, and the domain entry application message is digitally signed with the private key corresponding to the device signature certificate; and to send a domain entry response message to the car networking device based on the domain entry application message, where the domain entry response message includes a domain entry authorization token, the domain entry authorization token includes the device signature certificate and a cross-domain application identifier corresponding to the current domain entry application, and the domain entry response message is digitally signed with the private key corresponding to the device signature certificate.
It should be noted that the apparatus can implement all the method steps of the method embodiment on the second car networking system side and can achieve the same technical effect; details are not described herein again.
Fig. 8 is a schematic structural diagram of a car networking device according to an embodiment of the present invention, and as shown in fig. 8, the car networking device 800 may include at least one processor 801, a memory 802, at least one other user interface 803, and a transceiver 804. The various components in the vehicle networking device 800 are coupled together by a bus system 805. It is understood that the bus system 805 is used to enable communications among the components connected. The bus system 805 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled in fig. 8 as the bus system 805, which may include any number of interconnected buses and bridges, with one or more processors, represented by the processor 801, and various circuits, represented by the memory 802, being linked together. The bus system may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, embodiments of the present invention will not be described any further. The bus interface provides an interface. The transceiver 804 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. For different user devices, the user interface 803 may also be an interface capable of interfacing externally to a desired device, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
It will be appreciated that the memory 802 in embodiments of the invention may be either volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 802 of the systems and methods described in connection with the various embodiments of the invention is intended to comprise, without being limited to, these and any other suitable types of memory.
The processor 801 is responsible for managing the bus system and general processing, and the memory 802 may store computer programs or instructions used by the processor 801 in performing operations. In particular, the processor 801 may be configured to: when the car networking device applies for entering a second car networking system from a first car networking system, receive a domain entry authorization token sent by the second car networking system; and acquire the registration certificate of the second car networking system based on the domain entry authorization token.
The methods disclosed in the above embodiments of the present invention may be applied to the processor 801 or implemented by the processor 801. The processor 801 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor 801 or by instructions in the form of software. The processor 801 may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or perform the various methods, steps and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in connection with the embodiments of the present invention may be directly performed by a hardware decoding processor, or performed by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium well known in the art, such as RAM, flash memory, ROM, PROM, EPROM or registers. The storage medium is located in the memory 802; the processor 801 reads the information in the memory 802 and completes the steps of the method in combination with its hardware.
It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the Processing units may be implemented within one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, micro-controllers, microprocessors, other electronic units configured to perform the functions described herein, or a combination thereof.
For a software implementation, the techniques described may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described in the embodiments of the invention. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
Optionally, as another embodiment, before receiving the domain entry authorization token sent by the second car networking system, the processor 801 is further configured to: send a domain exit application message to the first car networking system; receive a domain exit authorization token sent by the first car networking system based on the domain exit application message, where the domain exit authorization token includes a device signature certificate of the car networking device; and send a domain entry application message to the second car networking system, where the domain entry application message includes the domain exit authorization token and is digitally signed with the private key corresponding to the device signature certificate.
Optionally, as another embodiment, before sending the domain exit application message to the first car networking system, the processor 801 is further configured to: send an identifier application message to the second car networking system; and receive a cross-domain application identifier sent by the second car networking system based on the identifier application message, where the cross-domain application identifier corresponds to the current domain entry application; both the domain exit application message and the domain exit authorization token include the cross-domain application identifier.
Optionally, as another embodiment, the domain exit authorization token further includes device information of the car networking device and/or a registration certificate application message.
Optionally, as another embodiment, the processor 801 is further configured to: receive a domain entry response message sent by the second car networking system based on the domain entry application message, where the domain entry response message includes the domain entry authorization token, and the domain entry authorization token includes the device signature certificate and a cross-domain application identifier corresponding to the current domain entry application.
Optionally, as another embodiment, the domain entry authorization token further includes device information of the car networking device and/or a device identifier of the car networking device in the second car networking system; the domain entry response message further includes address information of a registration Certificate Authority (CA) in the second car networking system and/or address information of an application CA in the second car networking system.
Optionally, as another embodiment, the processor 801 is further configured to: send a registration certificate application message to the second car networking system, where the registration certificate application message includes the domain entry authorization token and is digitally signed with the private key corresponding to the device signature certificate; and receive the registration certificate sent by the second car networking system based on the registration certificate application message.
Optionally, as another embodiment, the processor 801 is further configured to: send an application certificate application message to the second car networking system, where the application certificate application message includes the registration certificate; and receive the application certificate sent by the second car networking system based on the application certificate application message.
The car networking device provided by the embodiment of the invention can implement each process implemented by the car networking device in the foregoing embodiments; to avoid repetition, details are not described here again.
Fig. 9 is a schematic structural diagram of a first car networking system according to an embodiment of the present invention, and as shown in fig. 9, the first car networking system 900 may include at least one processor 901, a memory 902, at least one other user interface 903, and a transceiver 904. The various components in the first networked vehicle system 900 are coupled together by a bus system 905. It is understood that the bus system 905 is used to enable communications among the components. The bus system 905 includes a power bus, a control bus, and a status signal bus, in addition to a data bus. For clarity of illustration, however, the various buses are labeled in fig. 9 as bus system 905, which may include any number of interconnected buses and bridges, with one or more processors, represented by processor 901, and various circuits, represented by memory 902, being linked together. The bus system may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, embodiments of the present invention will not be described any further. The bus interface provides an interface. The transceiver 904 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. The user interface 903 may also be an interface capable of interfacing with a desired device for different user devices, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
It is to be understood that the memory 902 in embodiments of the present invention may be either volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 902 of the systems and methods described in connection with the various embodiments of the invention is intended to comprise, without being limited to, these and any other suitable types of memory.
The processor 901 is responsible for managing the bus system and general processing, and the memory 902 may store computer programs or instructions used by the processor 901 in performing operations. In particular, the processor 901 may be configured to: when the car networking device applies for entering a second car networking system from a first car networking system, receive a domain exit application message sent by the car networking device; and, based on the domain exit application message, send a domain exit authorization token to the car networking device, where the domain exit authorization token includes a device signature certificate of the car networking device, so that the car networking device sends a domain entry application message to the second car networking system and obtains a domain entry authorization token, where the domain entry application message includes the domain exit authorization token and is digitally signed with the private key corresponding to the device signature certificate.
Optionally, as another embodiment, both the domain exit application message and the domain exit authorization token include a cross-domain application identifier; the cross-domain application identifier is obtained by the car networking device by applying to the second car networking system, and corresponds to the current domain entry application.
Optionally, as another embodiment, the domain exit authorization token further includes device information of the car networking device and/or a registration certificate application message.
The first car networking system provided by the embodiment of the invention can realize each process realized by the first car networking system in the embodiment, and is not described herein again in order to avoid repetition.
Fig. 10 is a schematic structural diagram of a second car networking system according to an embodiment of the present invention, and as shown in fig. 10, the second car networking system 1000 may include at least one processor 1001, a memory 1002, at least one other user interface 1003, and a transceiver 1004. The various components in the second networking system 1000 are coupled together by a bus system 1005. It is understood that bus system 1005 is used to enable communications among the components connected. The bus system 1005 includes a power bus, a control bus, and a status signal bus, in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 1005 in fig. 10, which may include any number of interconnected buses and bridges, with one or more processors, represented by processor 1001, and various circuits, represented by memory 1002, being linked together. The bus system may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, embodiments of the present invention will not be described any further. The bus interface provides an interface. The transceiver 1004 may be a number of elements including a transmitter and a receiver that provide a means for communicating with various other apparatus over a transmission medium. The user interface 1003 may also be an interface capable of interfacing with a desired device for different user devices, including but not limited to a keypad, display, speaker, microphone, joystick, etc.
It is to be understood that the memory 1002 in embodiments of the present invention may be either volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), which acts as an external cache. By way of illustration and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 1002 of the described systems and methods for embodiments of the present invention is intended to comprise, without being limited to, these and any other suitable types of memory.
The processor 1001 is responsible for managing the bus system and general processing, and the memory 1002 may store computer programs or instructions used by the processor 1001 in performing operations. In particular, the processor 1001 may be configured to: when the car networking device applies for entering a second car networking system from a first car networking system, send a domain entry authorization token to the car networking device, so that the car networking device obtains a registration certificate of the second car networking system based on the domain entry authorization token.
Optionally, as another embodiment, the processor 1001 is further configured to: receive a domain entry application message sent by the car networking device, where the domain entry application message includes a domain exit authorization token, the domain exit authorization token is obtained by the car networking device by applying to the first car networking system, the domain exit authorization token includes a device signature certificate of the car networking device, and the domain entry application message is digitally signed with the private key corresponding to the device signature certificate; and send a domain entry response message to the car networking device based on the domain entry application message, where the domain entry response message includes a domain entry authorization token, and the domain entry authorization token includes the device signature certificate and a cross-domain application identifier corresponding to the current domain entry application.
Optionally, as another embodiment, before receiving the domain entry application message sent by the car networking device, the processor 1001 is further configured to: receive an identifier application message sent by the car networking device; and send a cross-domain application identifier to the car networking device based on the identifier application message, where the cross-domain application identifier corresponds to the current domain entry application; correspondingly, the domain exit authorization token also includes the cross-domain application identifier.
Optionally, as another embodiment, the domain exit authorization token further includes device information of the car networking device and/or a registration certificate application message.
Optionally, as another embodiment, the domain entry authorization token further includes device information of the car networking device and/or a device identifier of the car networking device in the second car networking system; the domain entry response message further includes address information of a registration Certificate Authority (CA) in the second car networking system and/or address information of an application CA in the second car networking system.
Optionally, as another embodiment, before sending the domain entry response message to the car networking device based on the domain entry application message, the processor 1001 is further configured to: acquire the domain exit authorization token from the domain entry application message, and acquire the device signature certificate from the domain exit authorization token; and, when the digital signature of the domain entry application message is verified as valid using the device signature certificate, determine that the domain entry application message is a valid message.
Optionally, as another embodiment, after sending the domain entry authorization token to the car networking device, the processor 1001 is further configured to: receive a registration certificate application message sent by the car networking device, where the registration certificate application message includes the domain entry authorization token and is digitally signed with the private key corresponding to the device signature certificate; acquire the domain entry authorization token from the registration certificate application message, and acquire the device signature certificate from the domain entry authorization token; and, when the digital signature of the registration certificate application message is verified as valid using the device signature certificate, determine that the registration certificate application message is a valid message and send a registration certificate to the car networking device.
Optionally, as another embodiment, after sending the registration certificate to the car networking device, the processor 1001 is further configured to: receive an application certificate application message sent by the car networking device, where the application certificate application message includes the registration certificate; and send the application certificate to the car networking device based on the application certificate application message.
The second vehicle networking system provided by the embodiment of the invention can realize each process realized by the second vehicle networking system in the embodiment, and is not described herein again in order to avoid repetition.
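The validity checks described above for the domain entry application message and the registration certificate application message, as an added Python example that is not part of the patent text. Assumptions: a toy Schnorr signature stands in for the unnamed signature algorithm, each token is additionally signed by the system that issued it, and the second system tracks outstanding cross-domain application identifiers; all function names and sample values are constructed.

```python
import hashlib
import json
import secrets

# Toy Schnorr signature. ASSUMPTION: it stands in for the signature algorithm,
# which the text does not name; this 127-bit group is far too small to be secure.
P = 2**127 - 1  # Mersenne prime modulus
G = 3
ORDER = P - 1   # exponents are reduced modulo P - 1

def _challenge(r, data):
    digest = hashlib.sha256(r.to_bytes(16, "big") + data).digest()
    return int.from_bytes(digest, "big") % ORDER

def keygen():
    priv = secrets.randbelow(ORDER - 1) + 1
    return priv, pow(G, priv, P)

def sign(priv, data):
    k = secrets.randbelow(ORDER - 1) + 1
    e = _challenge(pow(G, k, P), data)
    return [e, (k + e * priv) % ORDER]

def verify(pub, data, sig):
    e, s = sig
    r = pow(G, s, P) * pow(pub, ORDER - e, P) % P  # g^s * pub^(-e) recovers g^k
    return e == _challenge(r, data)

def canon(obj):
    # Deterministic encoding so signer and verifier hash the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue_token(issuer_priv, kind, device_cert, cross_domain_id):
    # ASSUMPTION: the issuing system signs the token so it cannot be self-made.
    body = {"kind": kind, "device_cert": device_cert, "cross_domain_id": cross_domain_id}
    return {"body": body, "issuer_sig": sign(issuer_priv, canon(body))}

def build_application(device_priv, msg_type, token):
    payload = {"type": msg_type, "token": token}
    return {"payload": payload, "sig": sign(device_priv, canon(payload))}

def validate_application(message, expected_kind, issuer_pub):
    # Take the token from the message, take the device signature certificate
    # from the token, then verify the message signature with that certificate.
    token = message["payload"]["token"]
    body = token["body"]
    if body["kind"] != expected_kind:
        return False, "wrong token kind"
    if not verify(issuer_pub, canon(body), token["issuer_sig"]):
        return False, "token not issued by trusted system"
    device_pub = body["device_cert"]["public_key"]
    if not verify(device_pub, canon(message["payload"]), message["sig"]):
        return False, "invalid message signature"
    return True, "valid"

class SecondSystem:
    def __init__(self, first_system_pub):
        self.priv, self.pub = keygen()
        self.first_system_pub = first_system_pub
        self.pending = set()  # ASSUMPTION: outstanding identifiers are tracked

    def issue_cross_domain_id(self):
        cid = secrets.token_hex(8)
        self.pending.add(cid)
        return cid

    def handle_entry_application(self, message):
        ok, reason = validate_application(message, "exit", self.first_system_pub)
        if not ok:
            return None, reason
        body = message["payload"]["token"]["body"]
        cid = body["cross_domain_id"]
        if cid not in self.pending:
            return None, "identifier unknown or already used"
        self.pending.discard(cid)
        return issue_token(self.priv, "entry", body["device_cert"], cid), "valid"

    def handle_registration_application(self, message):
        ok, reason = validate_application(message, "entry", self.pub)
        if not ok:
            return None, reason
        cert = message["payload"]["token"]["body"]["device_cert"]
        return {"registration_certificate_for": cert["device_id"]}, "valid"

def run_demo():
    (first_priv, first_pub), (dev_priv, dev_pub), (other_priv, _) = keygen(), keygen(), keygen()
    cert = {"device_id": "constructed-device-001", "public_key": dev_pub}
    second = SecondSystem(first_pub)

    def enter(priv, token):  # device side: sign and submit a domain entry application
        return second.handle_entry_application(
            build_application(priv, "domain_entry_application", token))

    exit_token = issue_token(first_priv, "exit", cert, second.issue_cross_domain_id())
    entry_token, entry = enter(dev_priv, exit_token)
    reg_cert, registration = second.handle_registration_application(
        build_application(dev_priv, "registration_certificate_application", entry_token))
    replay = enter(dev_priv, exit_token)[1]       # identifier already consumed
    token2 = issue_token(first_priv, "exit", cert, second.issue_cross_domain_id())
    wrong_key = enter(other_priv, token2)[1]      # signer does not hold the device key
    forged = issue_token(other_priv, "exit", cert, second.issue_cross_domain_id())
    self_issued = enter(dev_priv, forged)[1]      # token not signed by the first system
    return {"entry": entry, "registration": registration, "reg_cert": reg_cert,
            "replay": replay, "wrong_key": wrong_key, "self_issued": self_issued}
```

Verifying the message signature against the certificate carried inside the token only proves that the sender holds the matching private key, which is why the example also authenticates the token itself before trusting that certificate.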
The above description mainly introduces the solutions provided by the embodiments of the present invention from the perspective of electronic devices. It is understood that the electronic device provided by the embodiment of the present invention includes a hardware structure and/or a software module for performing the above functions. Those of skill in the art will readily appreciate that the present invention can be implemented in hardware or a combination of hardware and computer software for performing the exemplary elements and algorithm steps described in connection with the embodiments disclosed herein.
Whether a function is performed by hardware or by computer software driving hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiment of the present invention, the electronic device and the like may be divided into functional modules according to the above method examples, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
It should be noted that, the division of the modules in the embodiment of the present invention is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit may be implemented in the form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the technical solution can be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor to execute all or part of the steps of the method according to the embodiments of the present invention. The computer storage medium is a non-transitory medium, comprising: flash memory, removable hard drive, read only memory, random access memory, magnetic or optical disk, and the like.
On the other hand, an embodiment of the present invention further provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method steps provided in the foregoing embodiments, and can achieve the same technical effects, and details are not repeated herein.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (31)

1. A certificate application method, applied to a car networking device, characterized by comprising the following steps:
when the car networking device applies for entering a second car networking system from a first car networking system, receiving a domain entry authorization token sent by the second car networking system;
and acquiring the registration certificate of the second car networking system based on the domain entry authorization token.
2. The certificate application method according to claim 1, wherein before receiving the domain entry authorization token sent by the second car networking system, the method further comprises:
sending a domain exit application message to the first car networking system;
receiving a domain exit authorization token sent by the first car networking system based on the domain exit application message, wherein the domain exit authorization token comprises a device signature certificate of the car networking device;
and sending a domain entry application message to the second car networking system, wherein the domain entry application message comprises the domain exit authorization token and is digitally signed with the private key corresponding to the device signature certificate.
3. The certificate application method according to claim 2, wherein before sending the domain exit application message to the first car networking system, the method further comprises:
sending an identifier application message to the second car networking system;
receiving a cross-domain application identifier sent by the second car networking system based on the identifier application message, wherein the cross-domain application identifier corresponds to the current domain entry application;
wherein both the domain exit application message and the domain exit authorization token include the cross-domain application identifier.
4. The certificate application method according to claim 2 or 3, characterized in that the domain exit authorization token further comprises device information of the car networking device and/or a registration certificate application message.
5. The certificate application method according to claim 2, wherein receiving the domain entry authorization token sent by the second car networking system comprises:
receiving a domain entry response message sent by the second car networking system based on the domain entry application message, wherein the domain entry response message comprises the domain entry authorization token, and the domain entry authorization token comprises the device signature certificate and a cross-domain application identifier corresponding to the current domain entry application.
6. The certificate application method according to claim 5, wherein the domain entry authorization token further comprises device information of the car networking device and/or a device identifier of the car networking device in the second car networking system;
the domain entry response message further comprises address information of a registration Certificate Authority (CA) in the second car networking system and/or address information of an application CA in the second car networking system.
7. The certificate application method according to claim 5, wherein acquiring the registration certificate of the second car networking system based on the domain entry authorization token comprises:
sending a registration certificate application message to the second car networking system, wherein the registration certificate application message comprises the domain entry authorization token and is digitally signed with the private key corresponding to the device signature certificate;
and receiving the registration certificate sent by the second car networking system based on the registration certificate application message.
8. The certificate application method according to claim 1 or 7, wherein after acquiring the registration certificate of the second car networking system based on the domain entry authorization token, the method further comprises:
sending an application certificate application message to the second car networking system, wherein the application certificate application message comprises the registration certificate;
and receiving the application certificate sent by the second car networking system based on the application certificate application message.
9. A certificate application method, applied to a first car networking system, characterized by comprising the following steps:
when the car networking device applies for entering a second car networking system from a first car networking system, receiving a domain exit application message sent by the car networking device;
based on the domain-exiting application message, sending a domain-exiting authorization token to the car networking device, wherein the domain-exiting authorization token contains a device signature certificate of the car networking device, so that the car networking device sends a domain-entering application message to the second car networking system and obtains a domain-entering authorization token, wherein the domain-entering application message contains the domain-exiting authorization token and is digitally signed through a private key corresponding to the device signature certificate.
10. The certificate application method according to claim 9, wherein the cross-domain application identifier is included in both the domain-exiting application message and the domain-exiting authorization token; the cross-domain application identifier is obtained by the car networking device applying to the second car networking system, and the cross-domain application identifier corresponds to the current entering application.
11. A certificate application method according to claim 9 or 10, wherein the out-of-domain authorization token further comprises device information of the car networking device and/or a registration certificate application message.
12. A certificate application method is applied to a second vehicle networking system and is characterized by comprising the following steps:
when the vehicle networking equipment applies for entering a second vehicle networking system from a first vehicle networking system, a domain-entering authorization token is sent to the vehicle networking equipment, so that the vehicle networking equipment obtains a registration certificate of the second vehicle networking system based on the domain-entering authorization token.
13. The certificate application method of claim 12, wherein sending an entry domain authorization token to the vehicle networking device comprises:
receiving an entry domain application message sent by the Internet of vehicles equipment, wherein the entry domain application message comprises an exit domain authorization token, the exit domain authorization token is obtained by the Internet of vehicles equipment applying to the first Internet of vehicles system, the exit domain authorization token comprises an equipment signature certificate of the Internet of vehicles equipment, and the entry domain application message is digitally signed through a private key corresponding to the equipment signature certificate;
and sending a domain access response message to the vehicle networking equipment based on the domain access application message, wherein the domain access response message comprises a domain access authorization token, and the domain access authorization token comprises the equipment signature certificate and a cross-domain application identifier corresponding to the current domain access application.
14. The certificate application method according to claim 13, wherein before receiving the entry domain application message sent by the vehicle networking device, the method further comprises:
receiving an identification application message sent by the Internet of vehicles equipment;
sending a cross-domain application identifier to the Internet of vehicles equipment based on the identifier application message, wherein the cross-domain application identifier corresponds to the current access application;
correspondingly, the exit domain authorization token also comprises the cross-domain application identifier.
15. A certificate application method according to claim 13 or 14, wherein the out-of-domain authorization token further comprises device information of the car networking device and/or a registration certificate application message.
16. The certificate application method according to claim 13, wherein the domain entry authorization token further includes device information of the car networking device and/or a device identifier of the car networking device in the second car networking system;
the domain entry response message further includes address information of a registered Certificate Authority (CA) in the second vehicle networking system and/or address information of an application CA in the second vehicle networking system.
17. The certificate application method according to claim 13, wherein before sending an incoming domain response message to the car networking device based on the incoming domain application message, further comprising:
acquiring a domain-out authorization token in the domain-in application message, and acquiring a device signature certificate in the domain-out authorization token;
and when the digital signature of the domain-entering application message is verified to be a valid signature through the equipment signature certificate, determining that the domain-entering application message is a valid message.
18. The certificate application method of claim 13, wherein after sending the entry domain authorization token to the vehicle networking device, the method further comprises:
receiving a registration certificate application message sent by the Internet of vehicles equipment, wherein the registration certificate application message comprises the access domain authorization token and is digitally signed through a private key corresponding to the equipment signature certificate;
acquiring the access domain authorization token in the registration certificate application message, and acquiring a device signature certificate in the access domain authorization token;
and when the digital signature of the registration certificate application message is verified to be a valid signature through the equipment signature certificate, determining that the registration certificate application message is a valid message, and sending a registration certificate to the Internet of vehicles equipment.
19. The certificate application method of claim 18, further comprising, after sending the registration certificate to the vehicle networking device:
receiving an application certificate application message sent by the Internet of vehicles equipment, wherein the application certificate application message contains the registration certificate;
and sending the application certificate to the Internet of vehicles equipment based on the application certificate application message.
20. A certificate application apparatus, applied to car networking equipment, characterized by comprising:
the receiving module is used for receiving an access authorization token sent by a second vehicle networking system when the vehicle networking equipment applies for entering the second vehicle networking system from a first vehicle networking system;
and the acquisition module is used for acquiring the registration certificate of the second vehicle networking system based on the domain access authorization token.
21. A certificate application device is applied to a first vehicle networking system and is characterized by comprising:
the receiving module is used for receiving an out-of-domain application message sent by the Internet of vehicles equipment when the Internet of vehicles equipment applies for entering a second Internet of vehicles system from a first Internet of vehicles system;
and the sending module is used for sending a domain-outgoing authorization token to the vehicle networking equipment based on the domain-outgoing application message, wherein the domain-outgoing authorization token comprises the equipment signature certificate of the vehicle networking equipment, so that the vehicle networking equipment sends a domain-incoming application message to the second vehicle networking system and acquires the domain-incoming authorization token, wherein the domain-incoming application message comprises the domain-outgoing authorization token and is digitally signed through a private key corresponding to the equipment signature certificate.
22. A certificate application device is applied to a second vehicle networking system and is characterized by comprising:
the sending module is used for sending a domain access authorization token to the vehicle networking equipment when the vehicle networking equipment applies for entering a second vehicle networking system from a first vehicle networking system, so that the vehicle networking equipment obtains the registration certificate of the second vehicle networking system based on the domain access authorization token.
23. A vehicle networking device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the computer program performs the steps of:
when the vehicle networking equipment applies for entering a second vehicle networking system from a first vehicle networking system, receiving an access domain authorization token sent by the second vehicle networking system;
and acquiring the registration certificate of the second vehicle networking system based on the domain access authorization token.
24. The vehicle networking device of claim 23, wherein before receiving the domain entry authorization token sent by the second vehicle networking system, the steps further comprise:
sending an out-domain application message to the first car networking system;
receiving an out-domain authorization token sent by the first vehicle networking system based on the out-domain application message, wherein the out-domain authorization token comprises a device signature certificate of the vehicle networking device;
and sending an access domain application message to the second vehicle networking system, wherein the access domain application message comprises the out-domain authorization token, and the access domain application message is digitally signed through a private key corresponding to the device signature certificate.
25. The vehicle networking device of claim 24, wherein the receiving the domain entry authorization token sent by the second vehicle networking system comprises:
and receiving an access response message sent by the second vehicle networking system based on the access application message, wherein the access response message comprises the access authorization token, and the access authorization token comprises the equipment signature certificate and a cross-domain application identifier corresponding to the access application.
26. A first vehicle networking system comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the computer program implements the steps of:
when the vehicle networking equipment applies for entering a second vehicle networking system from a first vehicle networking system, receiving an out-of-domain application message sent by the vehicle networking equipment;
based on the domain-exiting application message, sending a domain-exiting authorization token to the car networking device, wherein the domain-exiting authorization token contains a device signature certificate of the car networking device, so that the car networking device sends a domain-entering application message to the second car networking system and obtains a domain-entering authorization token, wherein the domain-entering application message contains the domain-exiting authorization token and is digitally signed through a private key corresponding to the device signature certificate.
27. The first vehicle networking system of claim 26, wherein the out-of-domain application message and the out-of-domain authorization token each comprise a cross-domain application identifier; the cross-domain application identifier is obtained by the car networking device applying to the second car networking system, and the cross-domain application identifier corresponds to the current entering application.
28. A second car networking system comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the computer program implements the steps of:
when the vehicle networking equipment applies for entering a second vehicle networking system from a first vehicle networking system, a domain-entering authorization token is sent to the vehicle networking equipment, so that the vehicle networking equipment obtains a registration certificate of the second vehicle networking system based on the domain-entering authorization token.
29. The second vehicle networking system of claim 28, wherein the sending of the domain-entering authorization token to the vehicle networking device comprises:
receiving an entry domain application message sent by the Internet of vehicles equipment, wherein the entry domain application message comprises an exit domain authorization token, the exit domain authorization token is obtained by the Internet of vehicles equipment applying to the first Internet of vehicles system, the exit domain authorization token comprises an equipment signature certificate of the Internet of vehicles equipment, and the entry domain application message is digitally signed through a private key corresponding to the equipment signature certificate;
and sending a domain access response message to the vehicle networking equipment based on the domain access application message, wherein the domain access response message comprises a domain access authorization token, and the domain access authorization token comprises the equipment signature certificate and a cross-domain application identifier corresponding to the current domain access application.
30. The second vehicle networking system according to claim 29, wherein before sending the domain entry response message to the vehicle networking device based on the domain entry request message, the second vehicle networking system further comprises:
acquiring a domain-out authorization token in the domain-in application message, and acquiring a device signature certificate in the domain-out authorization token;
and when the digital signature of the domain-entering application message is verified to be a valid signature through the equipment signature certificate, determining that the domain-entering application message is a valid message.
31. A non-transitory computer readable storage medium having stored thereon a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the certificate application method according to any one of claims 1 to 8, or implements the steps of the certificate application method according to any one of claims 9 to 11, or implements the steps of the certificate application method according to any one of claims 12 to 19.
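The second system's checks from claims 13, 14 and 17 as a runnable sketch; this is an added example, not code from the patent, and the same pattern applies to the registration certificate application in claim 18. Assumptions: Ed25519 raw public keys stand in for the device signature certificate, the first system signs the out-domain token (the claims do not say how the token is authenticated), and the byte layout, `SecondSystem`, `Pending` and all other names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// OutDomainToken layout and the issuer signature are assumptions, not claim text.
type OutDomainToken struct {
	CrossDomainID string            // identifier handed out by the second system
	DeviceCert    ed25519.PublicKey // stands in for the device signature certificate
	IssuerSig     []byte            // assumed: first system signs the token body
}

func (t OutDomainToken) body() []byte {
	return append([]byte(t.CrossDomainID+"|"), t.DeviceCert...)
}

type EntryRequest struct {
	Token              OutDomainToken // carried in the domain-entry application message
	Payload, DeviceSig []byte         // DeviceSig is made with the key matching DeviceCert
}

func (r EntryRequest) signedBytes() []byte {
	return append(append(r.Token.body(), r.Token.IssuerSig...), r.Payload...)
}

type SecondSystem struct {
	TrustedIssuer ed25519.PublicKey // first system's token-signing key (assumed)
	Pending       map[string]bool   // identifiers issued and not yet used
}

// VerifyEntry checks token origin, then the message signature (claim 17),
// then that the cross-domain identifier is pending and not yet used.
func (s *SecondSystem) VerifyEntry(r EntryRequest) error {
	if !ed25519.Verify(s.TrustedIssuer, r.Token.body(), r.Token.IssuerSig) {
		return errors.New("token not issued by trusted first system")
	}
	if len(r.Token.DeviceCert) != ed25519.PublicKeySize || // Verify panics on bad length
		!ed25519.Verify(r.Token.DeviceCert, r.signedBytes(), r.DeviceSig) {
		return errors.New("entry application signature invalid")
	}
	if !s.Pending[r.Token.CrossDomainID] {
		return errors.New("unknown or reused cross-domain identifier")
	}
	delete(s.Pending, r.Token.CrossDomainID) // single use
	return nil
}

func issueToken(issuer ed25519.PrivateKey, id string, cert ed25519.PublicKey) OutDomainToken {
	t := OutDomainToken{CrossDomainID: id, DeviceCert: cert}
	t.IssuerSig = ed25519.Sign(issuer, t.body())
	return t
}

func buildEntry(dev ed25519.PrivateKey, t OutDomainToken) EntryRequest {
	r := EntryRequest{Token: t, Payload: []byte("entry application")}
	r.DeviceSig = ed25519.Sign(dev, r.signedBytes())
	return r
}

func runScenario() (valid, replayed, wrongKey, selfIssued error) {
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(nil) // constructed keys
	devPub, devPriv, _ := ed25519.GenerateKey(nil)
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil)
	ids := map[string]bool{"xd-1": true, "xd-2": true, "xd-3": true} // constructed
	s := &SecondSystem{TrustedIssuer: issuerPub, Pending: ids}
	req := buildEntry(devPriv, issueToken(issuerPriv, "xd-1", devPub))
	valid = s.VerifyEntry(req)
	replayed = s.VerifyEntry(req)
	wrongKey = s.VerifyEntry(buildEntry(otherPriv, issueToken(issuerPriv, "xd-2", devPub)))
	selfIssued = s.VerifyEntry(buildEntry(otherPriv, issueToken(otherPriv, "xd-3", otherPub)))
	return
}

func main() { fmt.Println(runScenario()) }
```

The `selfIssued` case is why the token's origin has to be established before the certificate inside it is used to verify anything.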
CN202010193435.8A 2020-03-18 2020-03-18 Certificate application method and device Active CN113497708B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010193435.8A CN113497708B (en) 2020-03-18 2020-03-18 Certificate application method and device
PCT/CN2020/137283 WO2021184865A1 (en) 2020-03-18 2020-12-17 Method and apparatus for applying for certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010193435.8A CN113497708B (en) 2020-03-18 2020-03-18 Certificate application method and device

Publications (2)

Publication Number Publication Date
CN113497708A (en) 2021-10-12
CN113497708B (en) 2022-11-08

Family

ID=77771872

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010193435.8A Active CN113497708B (en) 2020-03-18 2020-03-18 Certificate application method and device

Country Status (2)

Country Link
CN (1) CN113497708B (en)
WO (1) WO2021184865A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1805341A (en) * 2006-01-11 2006-07-19 西安电子科技大学 Network authentication and key allocation method across secure domains
US20110093938A1 (en) * 2008-05-19 2011-04-21 Nokia Corporation Methods, apparatuses, and computer program products for bootstrapping device and user authentication
US9769153B1 (en) * 2015-08-07 2017-09-19 Amazon Technologies, Inc. Validation for requests
CN109743172A (en) * 2018-12-06 2019-05-10 国网山东省电力公司电力科学研究院 Based on alliance's block chain V2G network cross-domain authentication method, information data processing terminal

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1835438B (en) * 2006-03-22 2011-07-27 阿里巴巴集团控股有限公司 Method of realizing single time accession between websites and website thereof
CN107359996B (en) * 2016-05-09 2020-05-05 阿里巴巴集团控股有限公司 Automatic login method and device among multiple network stations

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1805341A (en) * 2006-01-11 2006-07-19 西安电子科技大学 Network authentication and key allocation method across secure domains
US20110093938A1 (en) * 2008-05-19 2011-04-21 Nokia Corporation Methods, apparatuses, and computer program products for bootstrapping device and user authentication
US9769153B1 (en) * 2015-08-07 2017-09-19 Amazon Technologies, Inc. Validation for requests
US20170366538A1 (en) * 2015-08-07 2017-12-21 Amazon Technologies, Inc. Validation for requests
CN109743172A (en) * 2018-12-06 2019-05-10 国网山东省电力公司电力科学研究院 Based on alliance's block chain V2G network cross-domain authentication method, information data processing terminal

Also Published As

Publication number Publication date
CN113497708B (en) 2022-11-08
WO2021184865A1 (en) 2021-09-23

Similar Documents

Publication Publication Date Title
WO2020224621A1 (en) Method for applying for digital certificate
US20190363896A1 (en) Blockchain based decentralized and distributed certificate authority
WO2019072011A1 (en) Electric car charging method and system using certificate-based management
KR101837338B1 (en) Cloud-Assisted Conditional Privacy Preserving Authentication Method for VANET and System Therefor
US20160127353A1 (en) Method and apparatus for enabling secured certificate enrollment in a hybrid cloud public key infrastructure
WO2014121708A2 (en) Message certification application method, device, and system
CN113271565B (en) Vehicle communication method, device, storage medium and program product
EP2608477A1 (en) Trusted certificate authority to create certificates based on capabilities of processes
CN109327309A (en) A kind of domain traversal key management method based on IBC Yu PKI mixed system
CN108683506B (en) Digital certificate application method, system, fog node and certificate authority
WO2022252992A1 (en) User data authorization method and user data authorization system
CN112784310A (en) Certificate management method, certificate authorization center, management node and Internet of vehicles terminal
CN115378737A (en) Cross-domain device communication trust method, device, equipment and medium
CN113395160B (en) Certificate management method and device, issuing entity, management entity and vehicle networking equipment
CN113497707B (en) Application certificate application method and device
CN113765667B (en) Anonymous certificate application method, device authentication method, device, apparatus and medium
CN113497708B (en) Certificate application method and device
CN116828451A (en) Block chain-based network connection motorcade identity authentication method, device and medium
CN114374516B (en) Certificate revocation list distribution method and device, storage medium, server and vehicle networking device
CN115567221A (en) Certificate hierarchical management method and device
CN113225733B (en) User identification module, certificate acquisition method, device and storage medium
KR20070054049A (en) Long-term verification method and system for certificate of the electronic signature
EP2983143A1 (en) Security management system for revoking a token from at least one service provider terminal of a service provider system
CN114125764B (en) Internet of vehicles equipment management system, method and device
CN112448809B (en) Key provisioning system and related methods and products

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant